[12624] in bugtraq
Re: Oracle 8 root exploit
daemon@ATHENA.MIT.EDU (Chris Calabrese)
Wed Nov 17 14:27:27 1999
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Message-Id: <19991116212349.23815.rocketmail@web220.mail.yahoo.com>
Date: Tue, 16 Nov 1999 13:23:49 -0800
Reply-To: Chris Calabrese <chris_calabrese@YAHOO.COM>
From: Chris Calabrese <chris_calabrese@YAHOO.COM>
X-To: Elias Levy <aleph1@SECURITYFOCUS.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
I just tested some machines both with and without
Oracle's patch for the bug related to trusting
$ORACLE_HOME when calling dbsnmp.
Good news. The patch does indeed address the bug
related to using sym-links from ./dbsnmpc.log and
./dbsnmpw.log to over-write root-owned files that
Brock Teller reported on the other day.
However, Intelligent Agent 8.1.5 (the version Brock
reported on) does not have a patch available for it.
This is pretty strange considering that there's a
patch for 8.0.5 and that other 8.0.6 and 8.1.x
releases don't have the vulnerability.
=====
__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
